Cybersecurity Application Security Consultant

3 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Profile: Cybersecurity Application Security Consultant - DevSecOps

Company:

Position Type:

Location:

Salary:

About the Role

Digital Defense is seeking a highly motivated and skilled Cybersecurity Application Security Consultant with expertise in DevSecOps practices to join our growing team in Bhopal. This is a permanent position where you will play a crucial role in integrating security into every phase of the Software Development Life Cycle (SDLC), from design to deployment and operations. You will work closely with development, operations, and QA teams to ensure our applications are secure by design and by default.

Key Responsibilities

  • Security Integration:

     Integrate security tools and processes into CI/CD pipelines (DevSecOps) to automate security testing, vulnerability scanning, and compliance checks.
  • Application Security Testing:

     Conduct various application security tests, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA).
  • Vulnerability Management:

     Identify, analyze, and prioritize security vulnerabilities in applications and provide actionable recommendations for remediation.
  • Security Architecture Review:

     Participate in the design and architecture reviews of new and existing applications to identify potential security risks and recommend secure design patterns.
  • Threat Modeling:

     Perform threat modeling exercises to identify potential threats and vulnerabilities early in the development lifecycle.
  • Security Best Practices:

     Advocate for and implement secure coding guidelines, industry standards (e.g., OWASP Top 10, SANS Top 25), and security best practices within development teams.
  • Security Training & Awareness:

     Provide guidance and training to development teams on secure coding practices and application security principles.
  • Incident Response Support:

     Assist in the investigation and resolution of application security incidents.
  • Documentation:

     Maintain comprehensive documentation of security findings, remediation efforts, and security policies.

Required Skills and Qualifications

  • Education:

     Bachelor's degree or engineering degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Experience:

     Proven experience (e.g., 3+ years) in application security, with a strong focus on DevSecOps principles and practices.
  • Development Experience:

     Practical experience in software development, understanding the full development lifecycle.
  • Technical Proficiency:

       • Strong understanding of web application security vulnerabilities (OWASP Top 10) and secure coding practices.
       • Experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, SonarQube, Checkmarx, Fortify).
       • Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions, Semgrep, Opengrep).
       • Proficiency in at least one scripting language (e.g., Python, Bash) for automation.
       • Understanding of cloud security principles (AWS, Azure, GCP) is a plus.
       • Knowledge of containerisation technologies (Docker, Kubernetes) and their security implications.
  • DevSecOps Mindset:

     A strong understanding of how to embed security into agile and DevOps methodologies.
  • Communication:

     Excellent written and verbal communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders.
  • Problem-Solving:

     Strong analytical and problem-solving skills with a keen eye for detail.

Preferred Qualifications

  • Engineering degree in Computer Science or Cybersecurity.
  • Relevant industry certifications, including CEH, OSCP, and Offensive Security web application certifications.
  • Experience with security frameworks and compliance standards (e.g., ISO 27001, NIST, GDPR).
  • Familiarity with various programming languages (e.g., Java, .NET, Python, Node.js).

 

